Velociraptor - Installation and Deployment - CastleDefender

# Velociraptor - Installation and Deployment 06-10-2025 **Tags:** #Velociraptor **Links:** --- ## Table of Contents - [[#Create the Server Configuration File]] - [[#Create and Install the Server Package]] - [[#Generate a Windows Client Installation Package]] --- ## Create the Server Configuration File 1. **Create a working directory**: `mkdir ~/velociraptor_setup && cd ~/velociraptor_setup` > [!note] > This directory and its contents won't be needed after the server is installed. However, it's **highly recommended** to keep a backup copy off the server for disaster recovery. 2. **Download the Velociraptor binary** for your platform: `wget -O velociraptor https://github.com/Velocidex/velociraptor/releases/download/v0.74/velociraptor-v0.74.1-linux-amd64` 3. **Make the binary executable**: `chmod +x velociraptor` 4. **Generate the server configuration file**: `./velociraptor config generate -i` 5. **During setup**, accept defaults for a quick setup, but make sure to: - Select **self-signed SSL** - Enter the **internal IP address** of your server (e.g., `10.0.10.30`) 6. **Create the admin user and password** when prompted. 7. **Press enter** past the empty username prompt to finalize the user creation. 8. **Accept the default file name** when saving the config file. --- ### Modify the Configuration File Before building the `.deb` installer, modify your config to make the service accessible: `nano server.config.yaml` Update these lines: `Frontend: bind_address: 0.0.0.0` `GUI: bind_address: 0.0.0.0` > [!warning] About Secure Access > Self-signed SSL only supports **basic auth**. Never expose the GUI to the public internet this way. It's safer to leave `GUI.bind_address` set to `127.0.0.1` and use **SSH port forwarding**. > [!important] Protect Your Config File > This file is critical to your deployment. Keep it **secure** and **backed up**, as it's rarely changed after setup. --- ## Create and Install the Server Package With your config ready, generate and install the Velociraptor server package: `./velociraptor debian server --config ./server.config.yaml` Install the generated `.deb` file: `sudo dpkg -i velociraptor_server_0.74.1_amd64.deb` ### Verify the Service and Ports Check the service status: `systemctl status velociraptor_server.service` Check if ports are open: `nc -vz 127.0.0.1 8889 nc -vz 127.0.0.1 8000` If successful, the service is running and reachable. Login via a browser: `https://<your-server-ip>:8889` --- ## Generate a Windows Client Installation Package You can generate a custom MSI installer from the Velociraptor Admin GUI. This is preferred over using the prebuilt MSI. 1. In the Velociraptor web GUI, go to **Server Artifacts** in the left-hand sidebar. ![[velo_server_artifacts.png]] 2. Click the **+** button to create a new collection. 3. Search for `Server.Utils.CreateMSI`, select it, and click **Launch**. 4. The repacked MSI file will appear in the **Uploaded Files** tab. 5. **Download** the MSI file. 6. Transfer it to your Windows endpoint (USB, network share, etc.). 7. Run the MSI installer. It will appear to silently complete, but: - Check Windows **Services** to confirm the Velociraptor service is installed and running. 8. In your Velociraptor server GUI, you should now see **1 connected client**. ![[velo_clients.png]] --- ## References - [Velociraptor Quickstart Guide](https://docs.velociraptor.app/docs/deployment/quickstart/)